Skip to content

feat(policy): Unique name for the key provider. #2391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jun 5, 2025
+122 −56
Merged

feat(policy): Unique name for the key provider. #2391

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e7caea8
feat(policy): Unique name for the key provider.
c-r33d Jun 5, 2025
ce42774
linting.
c-r33d Jun 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
152 changes: 97 additions & 55 deletions service/integration/keymanagement_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,19 +48,15 @@ func (s *KeyManagementSuite) TearDownSuite() {
}

func (s *KeyManagementSuite) Test_CreateProviderConfig_NoMetada_Succeeds() {
s.createTestProviderConfig()
pcIDs := make([]string, 0)
s.deleteTestProviderConfigs(append(pcIDs, s.createTestProviderConfig(testProvider, validProviderConfig, nil).GetId()))
}

func (s *KeyManagementSuite) Test_CreateProviderConfig_Metadata_Succeeds() {
pc, err := s.db.PolicyClient.CreateProviderConfig(s.ctx, &keymanagement.CreateProviderConfigRequest{
Name: testProvider,
ConfigJson: validProviderConfig,
Metadata: &common.MetadataMutable{
Labels: validLabels,
},
})
s.Require().NoError(err)
s.NotNil(pc)
pcIDs := make([]string, 0)
s.deleteTestProviderConfigs(append(pcIDs, s.createTestProviderConfig(testProvider, validProviderConfig, &common.MetadataMutable{
Labels: validLabels,
}).GetId()))
}

func (s *KeyManagementSuite) Test_CreateProviderConfig_EmptyConfig_Fails() {
Expand All @@ -82,31 +78,48 @@ func (s *KeyManagementSuite) Test_CreateProviderConfig_InvalidConfig_Fails() {
s.Nil(pc)
}

func (s *KeyManagementSuite) Test_GetProviderConfig_WithId_Succeeds() {
func (s *KeyManagementSuite) Test_CreateProviderConfig_DuplicateName_Fails() {
pcIDs := make([]string, 0)
defer func() {
s.deleteTestProviderConfigs(pcIDs)
}()
pc := s.createTestProviderConfig(testProvider, validProviderConfig, nil)
pcIDs = append(pcIDs, pc.GetId())

pc, err := s.db.PolicyClient.CreateProviderConfig(s.ctx, &keymanagement.CreateProviderConfigRequest{
Name: testProvider,
Name: pc.GetName(),
ConfigJson: validProviderConfig,
})
s.Require().NoError(err)
s.NotNil(pc)
s.Require().Error(err)
s.Require().ErrorContains(err, db.ErrUniqueConstraintViolation.Error())
s.Nil(pc)
}

pc, err = s.db.PolicyClient.GetProviderConfig(s.ctx, &keymanagement.GetProviderConfigRequest_Id{
func (s *KeyManagementSuite) Test_GetProviderConfig_WithId_Succeeds() {
pcIDs := make([]string, 0)
defer func() {
s.deleteTestProviderConfigs(pcIDs)
}()
pc := s.createTestProviderConfig(testProvider, validProviderConfig, nil)
pcIDs = append(pcIDs, pc.GetId())

pc, err := s.db.PolicyClient.GetProviderConfig(s.ctx, &keymanagement.GetProviderConfigRequest_Id{
Id: pc.GetId(),
})
s.Require().NoError(err)
s.NotNil(pc)
}

func (s *KeyManagementSuite) Test_GetProviderConfig_WithName_Succeeds() {
pc, err := s.db.PolicyClient.CreateProviderConfig(s.ctx, &keymanagement.CreateProviderConfigRequest{
Name: testProvider2,
ConfigJson: validProviderConfig,
})
s.Require().NoError(err)
s.NotNil(pc)

pc, err = s.db.PolicyClient.GetProviderConfig(s.ctx, &keymanagement.GetProviderConfigRequest_Name{
Name: testProvider2,
pcIDs := make([]string, 0)
defer func() {
s.deleteTestProviderConfigs(pcIDs)
}()
pc := s.createTestProviderConfig(testProvider, validProviderConfig, nil)
pcIDs = append(pcIDs, pc.GetId())

pc, err := s.db.PolicyClient.GetProviderConfig(s.ctx, &keymanagement.GetProviderConfigRequest_Name{
Name: pc.GetName(),
})
s.Require().NoError(err)
s.NotNil(pc)
Expand All @@ -120,7 +133,12 @@ func (s *KeyManagementSuite) Test_GetProviderConfig_InvalidIdentifier_Fails() {

// Finish List/Update/Delete tests
func (s *KeyManagementSuite) Test_ListProviderConfig_No_Pagination_Succeeds() {
s.createTestProviderConfig()
pcIDs := make([]string, 0)
defer func() {
s.deleteTestProviderConfigs(pcIDs)
}()
pc := s.createTestProviderConfig(testProvider, validProviderConfig, nil)
pcIDs = append(pcIDs, pc.GetId())

resp, err := s.db.PolicyClient.ListProviderConfigs(s.ctx, &policy.PageRequest{})
s.Require().NoError(err)
Expand All @@ -129,22 +147,37 @@ func (s *KeyManagementSuite) Test_ListProviderConfig_No_Pagination_Succeeds() {
}

func (s *KeyManagementSuite) Test_ListProviderConfig_PaginationLimit_Succeeds() {
s.createTestProviderConfig()
s.createTestProviderConfig()

resp, err := s.db.PolicyClient.ListProviderConfigs(s.ctx, &policy.PageRequest{
pcIDs := make([]string, 0)
defer func() {
s.deleteTestProviderConfigs(pcIDs)
}()
pc := s.createTestProviderConfig(testProvider, validProviderConfig, nil)
pcIDs = append(pcIDs, pc.GetId())
pc2 := s.createTestProviderConfig(testProvider2, validProviderConfig, nil)
pcIDs = append(pcIDs, pc2.GetId())

respOne, err := s.db.PolicyClient.ListProviderConfigs(s.ctx, &policy.PageRequest{
Limit: 1,
})
s.Require().NoError(err)
s.NotNil(resp)
s.NotEmpty(resp.GetProviderConfigs())
s.Len(resp.GetProviderConfigs(), 1)
s.GreaterOrEqual(resp.GetPagination().GetTotal(), int32(1))
s.NotNil(respOne)
s.NotEmpty(respOne.GetProviderConfigs())
s.Len(respOne.GetProviderConfigs(), 1)
s.GreaterOrEqual(respOne.GetPagination().GetTotal(), int32(1))

respTwo, err := s.db.PolicyClient.ListProviderConfigs(s.ctx, &policy.PageRequest{
Limit: 1,
Offset: 1,
})
s.Require().NoError(err)
s.NotNil(respTwo)
s.NotEmpty(respTwo.GetProviderConfigs())
s.Len(respTwo.GetProviderConfigs(), 1)
s.GreaterOrEqual(respTwo.GetPagination().GetTotal(), int32(1))
s.NotEqual(respOne.GetProviderConfigs()[0].GetId(), respTwo.GetProviderConfigs()[0].GetId())
}

func (s *KeyManagementSuite) Test_ListProviderConfig_PaginationLimitExceeded_Fails() {
s.createTestProviderConfig()

resp, err := s.db.PolicyClient.ListProviderConfigs(s.ctx, &policy.PageRequest{
Limit: s.db.LimitMax + 1,
})
Expand All @@ -153,20 +186,20 @@ func (s *KeyManagementSuite) Test_ListProviderConfig_PaginationLimitExceeded_Fai
}

func (s *KeyManagementSuite) Test_UpdateProviderConfig_ExtendsMetadata_Succeeds() {
pc, err := s.db.PolicyClient.CreateProviderConfig(s.ctx, &keymanagement.CreateProviderConfigRequest{
Name: testProvider,
ConfigJson: validProviderConfig,
Metadata: &common.MetadataMutable{
Labels: validLabels,
},
pcIDs := make([]string, 0)
defer func() {
s.deleteTestProviderConfigs(pcIDs)
}()
pc := s.createTestProviderConfig(testProvider, validProviderConfig, &common.MetadataMutable{
Labels: validLabels,
})
s.Require().NoError(err)
pcIDs = append(pcIDs, pc.GetId())
s.NotNil(pc)
s.Equal(testProvider, pc.GetName())
s.Equal(validProviderConfig, pc.GetConfigJson())
s.Equal(validLabels, pc.GetMetadata().GetLabels())

pc, err = s.db.PolicyClient.UpdateProviderConfig(s.ctx, &keymanagement.UpdateProviderConfigRequest{
pc, err := s.db.PolicyClient.UpdateProviderConfig(s.ctx, &keymanagement.UpdateProviderConfigRequest{
Id: pc.GetId(),
Name: testProvider2,
ConfigJson: validProviderConfig2,
Expand All @@ -191,20 +224,20 @@ func (s *KeyManagementSuite) Test_UpdateProviderConfig_ExtendsMetadata_Succeeds(
}

func (s *KeyManagementSuite) Test_UpdateProviderConfig_ReplaceMetadata_Succeeds() {
pc, err := s.db.PolicyClient.CreateProviderConfig(s.ctx, &keymanagement.CreateProviderConfigRequest{
Name: testProvider,
ConfigJson: validProviderConfig,
Metadata: &common.MetadataMutable{
Labels: validLabels,
},
pcIDs := make([]string, 0)
defer func() {
s.deleteTestProviderConfigs(pcIDs)
}()
pc := s.createTestProviderConfig(testProvider, validProviderConfig, &common.MetadataMutable{
Labels: validLabels,
})
s.Require().NoError(err)
pcIDs = append(pcIDs, pc.GetId())
s.NotNil(pc)
s.Equal(testProvider, pc.GetName())
s.Equal(validProviderConfig, pc.GetConfigJson())
s.Equal(validLabels, pc.GetMetadata().GetLabels())

pc, err = s.db.PolicyClient.UpdateProviderConfig(s.ctx, &keymanagement.UpdateProviderConfigRequest{
pc, err := s.db.PolicyClient.UpdateProviderConfig(s.ctx, &keymanagement.UpdateProviderConfigRequest{
Id: pc.GetId(),
Name: testProvider2,
ConfigJson: validProviderConfig2,
Expand Down Expand Up @@ -260,7 +293,7 @@ func (s *KeyManagementSuite) Test_UpdateProviderConfig_ConfigNotFound_Fails() {
}

func (s *KeyManagementSuite) Test_DeleteProviderConfig_Succeeds() {
pc := s.createTestProviderConfig()
pc := s.createTestProviderConfig(testProvider, validProviderConfig, nil)
s.NotNil(pc)
pc, err := s.db.PolicyClient.DeleteProviderConfig(s.ctx, pc.GetId())
s.Require().NoError(err)
Expand All @@ -273,16 +306,25 @@ func (s *KeyManagementSuite) Test_DeleteProviderConfig_InvalidUUID_Fails() {
s.Nil(pc)
}

func (s *KeyManagementSuite) createTestProviderConfig() *policy.KeyProviderConfig {
func (s *KeyManagementSuite) createTestProviderConfig(providerName string, config []byte, metadata *common.MetadataMutable) *policy.KeyProviderConfig {
pc, err := s.db.PolicyClient.CreateProviderConfig(s.ctx, &keymanagement.CreateProviderConfigRequest{
Name: testProvider,
ConfigJson: validProviderConfig,
Name: providerName,
ConfigJson: config,
Metadata: metadata,
})
s.Require().NoError(err)
s.NotNil(pc)
return pc
}

func (s *KeyManagementSuite) deleteTestProviderConfigs(ids []string) {
for _, id := range ids {
pc, err := s.db.PolicyClient.DeleteProviderConfig(s.ctx, id)
s.Require().NoError(err)
s.NotNil(pc)
}
}

func TestKeyManagementSuite(t *testing.T) {
if testing.Short() {
t.Skip("skipping attribute values integration tests")
Expand Down
12 changes: 12 additions & 0 deletions service/policy/db/migrations/20250605000000_unique_provider_name.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
```mermaid
erDiagram
provider_config {
jsonb config "Configuration details for the key provider"
timestamp_with_time_zone created_at "Timestamp when the provider configuration was created"
uuid id PK "Unique identifier for the provider configuration"
jsonb metadata "Additional metadata for the provider configuration"
character_varying provider_name UK "Unique name for the key provider."
timestamp_with_time_zone updated_at "Timestamp when the provider configuration was last updated"
}
```
<style>div.mermaid{overflow-x:scroll;}div.mermaid>svg{width:250rem;}</style>
11 changes: 11 additions & 0 deletions service/policy/db/migrations/20250605000000_unique_provider_name.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
-- +goose Up
-- +goose StatementBegin
ALTER TABLE provider_config ADD CONSTRAINT provider_config_provider_name_key UNIQUE (provider_name);

COMMENT ON COLUMN provider_config.provider_name IS 'Unique name for the key provider.';
-- +goose StatementEnd

-- +goose Down
-- +goose StatementBegin
ALTER TABLE provider_config DROP CONSTRAINT IF EXISTS provider_config_provider_name_key;
-- +goose StatementEnd
3 changes: 2 additions & 1 deletion service/policy/db/schema_erd.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ erDiagram
timestamp_with_time_zone created_at "Timestamp when the provider configuration was created"
uuid id PK "Unique identifier for the provider configuration"
jsonb metadata "Additional metadata for the provider configuration"
character_varying provider_name "Name of the key provider"
character_varying provider_name UK "Unique name for the key provider."
timestamp_with_time_zone updated_at "Timestamp when the provider configuration was last updated"
}

Expand Down Expand Up @@ -191,6 +191,7 @@ erDiagram
timestamp_with_time_zone created_at
uuid id PK "Primary key for the table"
jsonb metadata "Metadata for the condition set (see protos for structure)"
ARRAY selector_values "Array of cached selector values extracted from the condition JSONB and maintained via trigger."
timestamp_with_time_zone updated_at
}

Expand Down
Loading